EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Add crl entry to CRL

#11654
Posted: 11/12/2009 07:30:37
by Paweł Sałek (Basic support level)
Joined: 07/12/2009
Posts: 6

Hi,

I'd like to add a more complex CRL entry to a CRL.

With code:

TElCertificateRevocationListEx crl = new TElCertificateRevocationListEx();
crl.ThisUpdate = DateTime.Now;
crl.NextUpdate = DateTime.Now.AddDays(7.0);
crl.Issuer.Assign(_CAcertificate.SubjectRDN);

crl.Extensions.CRLNumber.Critical = false;
crl.Extensions.CRLNumber.Number = 1;
crl.Extensions.Included = 1;

crl.Add(_certificate); //certificate to revoke

it works fine, but the entry with the customer certificate is quite simple (only the revocation date and the revoke/hold certificate serial number).

Now, I'd like to add revocation reason.

In the documentation I've found that SBB contains the class TElRevocationItem, which could contain a revocation reason, but I haven't found any way to add such an object to TElCertificateRevocationListEx.

Would you mind helping me?

Regards

Pawel.
#11656
Posted: 11/12/2009 07:57:50
by Eugene Mayevski (EldoS Corp.)

Add() method returns the index of the newly created TElRevocationItem object in Items property (in C# this would be get_Items() method). So you need to do something like this:

int idx = crl.Add(_certificate);
TElRevocationItem item = crl.get_Items(idx);
item.Extensions.Included = 1;
item.Extensions.ReasonCode.Reason = 2;


Sincerely yours
Eugene Mayevski
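
To check what the reason code set in the answer above looks like inside the CRL itself, here is an added example (not part of the thread and not SecureBlackbox code) that builds and parses one revokedCertificates entry as laid out in RFC 5280, which goes beyond the thread to the wire format. The helper names, serial number and date are constructed for illustration, and the reason names are the RFC 5280 CRLReason values; the thread does not say how the library's Reason property maps onto them.

```python
# Added example: RFC 5280 CRL entry layout. All sample bytes are constructed here.
REASONS = {0: "unspecified", 1: "keyCompromise", 2: "cACompromise",
           3: "affiliationChanged", 4: "superseded", 5: "cessationOfOperation",
           6: "certificateHold", 8: "removeFromCRL", 9: "privilegeWithdrawn",
           10: "aACompromise"}
OID_REASON_CODE = bytes.fromhex("551d15")  # 2.5.29.21 (reasonCode entry extension)

def tlv(tag, value):
    """Encode one DER element; short-form lengths are enough for a single entry."""
    if len(value) > 127:
        raise ValueError("long-form length not handled in this sketch")
    return bytes([tag, len(value)]) + value

def read_tlvs(buf):
    """Split a buffer into the (tag, value) pairs of its top-level elements."""
    out, i = [], 0
    while i < len(buf):
        if i + 2 > len(buf) or buf[i + 1] > 127 or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated element or unsupported length form")
        out.append((buf[i], buf[i + 2:i + 2 + buf[i + 1]]))
        i += 2 + buf[i + 1]
    return out

def make_entry(serial, utc_time, reason=None):
    """Build one revokedCertificates entry (hypothetical helper for the sample)."""
    body = tlv(0x02, serial.to_bytes(serial.bit_length() // 8 + 1, "big"))
    body += tlv(0x17, utc_time.encode("ascii"))            # revocationDate, UTCTime
    if reason is not None:                                  # crlEntryExtensions
        ext_value = tlv(0x04, tlv(0x0A, bytes([reason])))   # OCTET STRING { ENUMERATED }
        body += tlv(0x30, tlv(0x30, tlv(0x06, OID_REASON_CODE) + ext_value))
    return tlv(0x30, body)

def parse_crl_entry(der):
    """Return serial, revocationDate and reason (None when no reasonCode is present)."""
    (tag, body), = read_tlvs(der)
    if tag != 0x30:
        raise ValueError("CRL entry must be a SEQUENCE")
    fields = read_tlvs(body)
    entry = {"serial": int.from_bytes(fields[0][1], "big"),
             "revocationDate": fields[1][1].decode("ascii"), "reason": None}
    for _, ext in read_tlvs(fields[2][1]) if len(fields) > 2 else []:
        parts = read_tlvs(ext)                # extnID, [critical], extnValue
        if parts[0] == (0x06, OID_REASON_CODE):
            (_, enum), = read_tlvs(parts[-1][1])
            entry["reason"] = REASONS.get(enum[0], "unknown(%d)" % enum[0])
    return entry
```

An entry built without a reason parses with `reason` set to `None`, which corresponds to the "simple" entry described in the first post.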
#11657
Posted: 11/12/2009 09:00:50
by Paweł Sałek (Basic support level)
Joined: 07/12/2009
Posts: 6

It works perfectly fine!

Thank you for your help and very quick answer.

One more (and I think last) issue. How do I specify the CRLNumber extension? I'm trying with this code:

TElCertificateRevocationListEx crl = new TElCertificateRevocationListEx();
crl.ThisUpdate = DateTime.Now;
crl.NextUpdate = DateTime.Now.AddDays(7.0);
crl.Issuer.Assign(_certificate.SubjectRDN);

crl.Extensions.Included = 1;

crl.Extensions.AuthorityKeyIdentifier.KeyIdentifier = _certificate.Extensions.AuthorityKeyIdentifier.KeyIdentifier;
crl.Extensions.AuthorityKeyIdentifier.AuthorityCertSerial = _certificate.SerialNumber;
crl.Extensions.AuthorityKeyIdentifier.IssuerSet = true;

TElCRLNumberCRLExtension cex = crl.Extensions.CRLNumber;
cex.Number = 1;


Best regards,

Pawel.
#11658
Posted: 11/12/2009 09:16:51
by Ken Ivanov (EldoS Corp.)

You should enable the corresponding flag in the Included set as well:

crl.Extensions.Included = 1 /* authority key identifier */ | 4 /* crl number */;
#11659
Posted: 11/12/2009 09:33:43
by Paweł Sałek (Basic support level)
Joined: 07/12/2009
Posts: 6

Again, works fine.

Thank you for your help and patience.

Best regards,

Pawel.